Protecting email addresses for my Alumni Internet Directory

MVHS Spartan I’ve been publishing the Mountain View High School Alumni Internet Directory online since 1995. Think of it as an free version of, but just for my high school.

Since a group of us started planning our 10-year reunion, I’ve been thinking about the website more recently. I’ve had RSS feeds on the site since the summer of 1999 (long before I ever heard of blogging), but I finally added the orange XML icon (View the raw XML source) today.

One of the things that has always made alumni timid about using the site is the possibility of getting spam. The fact that their email addresses are published on the web makes them good candidates for email harvester bots. I originally addressed this problem by adding a <meta name="robots" content="noindex,nofollow"> tag to the site, hoping that bots would respect that.

Later, I started using the decimal HTML entity encoder trick (listing addresses like mailto:mradwin&#64;yahoo&#46;com) but I’m sure spammers will catch onto that soon.

So the only thing left to do is to create a “send email to this user” form and list the addresses in the same way that Y! Groups does. The links will look to the user like mradwin@y..... but instead of being a mailto:, they’ll be regular hyperlink to a /bin/mail?to=<secret base64 encoded data> form which asks for an email address and sets the Reply-To header.

The 1500+ alumni registered on the site right now would definitely benefit from this feature. Plus, after changing the email links to use the email-protect form, I’d be able to remove the robots meta tag, which would allow Google and other legit search engines index the site better, increasing visibility to the larger alumni community.

I’ve just gotta find the time to code the thing.

[Update: I found some time to write the code. The mailto: links have been replaced with a web form]

4 thoughts on “Protecting email addresses for my Alumni Internet Directory”

  1. Why not use images to do the job? For each letter of an address, say “j”, [img src=j.png] (or some encoded version of that). You wouldn’t be able to link a mailto: href to them, but people know what to do with an email address.

  2. Because people’s email addresses would still be visible on a public website, making them vulnerable to spam. Yes, it would discouage robots, but no, it wouldn’t solve the general problem of some random person having their email address.

    If the website controls access via some web form mail script, then in theory we can detect (and prevent) abuse.

  3. IIRC there was an article somewhere a while back (sorry I can’t be more helpful) that used javascript to output the letter codes (ie: &#12345;) for an email address, making it so the only way you could really get them would be to literally copy/paste them from the page, a pretty much manual-only job. If I can find the article I’ll pass it on.

Comments are closed.